{"id":2427,"date":"2016-03-14T14:53:40","date_gmt":"2016-03-14T13:53:40","guid":{"rendered":"http:\/\/vrealize.it\/?p=2427"},"modified":"2016-03-15T09:31:44","modified_gmt":"2016-03-15T08:31:44","slug":"log-insight-importer","status":"publish","type":"post","link":"https:\/\/vrealize.it\/de\/2016\/03\/14\/log-insight-importer\/","title":{"rendered":"Log Insight Importer"},"content":{"rendered":"<p>Log Insight Importer ist ein neues Feature von Log Insight 3.3. Zur Zeit handelt es sich dabei um ein separates kleines Tool f\u00fcr Windows und Linux (rpm\/deb). Es kann auf der Log Insight appliance oder jeder anderen VM installiert werden und wird benutzt um nahezu beliebige Logdateien in Log Insight zu importieren. Ein Beispiel: der Nutzer sendet die Logs seiner Anwendung zu &#8211; statt mit vi kann man diese nun in Log Insight importieren und dort analysieren.<\/p>\n<ul>\n<li>Log Insight Importer kann hier heruntergeladen werden: <a href=\"https:\/\/my.vmware.com\/group\/vmware\/details?downloadGroup=VRLI-330&amp;productId=573&amp;rPId=10177\">https:\/\/my.vmware.com\/group\/vmware\/details?downloadGroup=VRLI-330&amp;productId=573&amp;rPId=10177<\/a><\/li>\n<li>Die Dokumentation finden Sie <a href=\"http:\/\/pubs.vmware.com\/log-insight-33\/index.jsp?topic=%2Fcom.vmware.log-insight.administration.doc%2FGUID-83B7CB9C-90F0-481D-8C46-D08A974F6B99.html\">hier.<\/a><\/li>\n<\/ul>\n<p>Nun angenommen, der Importer ist erfolgreich installiert. Die Benutzung ist denkbar einfach. Allerdings m\u00fcssen die zu importierenden Dateien in zip\/gzip\/tar-Format vorliegen.\u00a0 In meinem Fall habe ich eine CSV-Datei vom Kunden.<\/p>\n<h3>1. Das Archiv<\/h3>\n<p>Schritt: Datei zippen In meinem Fall habe ich die Dateien in das Verzeichnis \/tmp\/test kopiert und dann mit &#8220;tar zxvf test0000.tar.gz test&#8221; komprimiert<\/p>\n<h3>2. Der Importer<\/h3>\n<p>Log Insight Importer auf einem Linux (oder auch Windows-System) installieren. Ich benutze hier einfach meine Log Insight appliance die in VMware Fusion auf dem Macbook l\u00e4uft.<\/p>\n<p>Loginsight-importer aufrufen &#8211; ohne Argumente wird eine umfangreiche Hilfe angezeigt<\/p>\n<pre class=\"lang:sh decode:true \">localhost:\/tmp # loginsight-importer \r\nVMware Log Insight Importer. Build 3.3.0.3516686.\r\n\r\nUsage: loginsight-importer --source &lt;path&gt; --server &lt;hostname&gt; [options]\r\nSend logs from support bundle to LogInsight server.\r\n\r\n    --source &lt;path&gt;          specifies path to support bundle directory or archive (zip\/gzip\/tar).\r\n    --server &lt;hostname&gt;      destination server hostname or IP address.\r\n  options:\r\n    --port &lt;port&gt;            port for connection. If not set then 9000 will be used for non SSL connection and 9543 for SSL connection.\r\n    --logdir &lt;path&gt;          specifies path to logs directory. If not set will log to \"\/root\/.loginsight-importer\/log\".\r\n    --manifest &lt;file-path&gt;   specifies path to manifest file (.ini format). If not set importer.ini in source directory will be used.\r\n                             If there is no importer.ini file in source directory, Importer will apply the default (hardcoded) manifest and\r\n                             collect all .txt and .log files, and apply auto parser.\r\n    --no_ssl                 don't use ssl for the connection. Should not be set for authenticated connections.\r\n    --ssl_ca_path &lt;path&gt;     path to the trusted root certificates bundle file.\r\n    --tags &lt;tags&gt;            set tags for all sent events. Define tags using JSON notation, e.g. \"{\\\"tag1\\\":\\\"value1\\\"}\"\r\n    --username &lt;username&gt;    username for authentication. Required if --honor_timestamp is set.\r\n    --password &lt;password&gt;    password for authentication. Required for --honor_timestamp. If not set user will be prompted for password.\r\n    --honor_timestamp        apply parser extracted timestamp as log entry timestamp. Use file MTIME if there was no parser extracted timestamp.\r\n    --debug_level &lt;1|2&gt;      increases the verbosity level of the log file.\r\n    --help                   display help and exit.\r\n<\/pre>\n<h3>3. Das Manifest<\/h3>\n<p>Das Manifest ist enorm wichtig (nicht nur in der Geschichte des Klassenkampfes). In meinem Fall habe ich mit einfachem Manifest mit ein Paar Tags angefangen. Die Datei habe ich in dem Arbeitsverzeichnis als importer01.ini gespeichert<\/p>\n<pre class=\"lang:sh decode:true \">[filelog|tb-csv]\r\ntags={\"owner\":\"tb\",\"filetype\":\"csv\",\"testnr\":\"22\"}\r\ndirectory=**\/*\r\ninclude=test0000.csv\r\nparser=tbcsv<\/pre>\n<h3>4. Das Kommando<\/h3>\n<p>Zum Importieren benutze ich folgendes Kommando:<\/p>\n<p># loginsight-importer &#8211;source test0000.tar.gz &#8211;server localhost &#8211;manifest importer01.ini &#8211;username admin &#8211;password VMware1! &#8211;debug_level 2<\/p>\n<pre class=\"lang:sh decode:true \">localhost:\/tmp # loginsight-importer --source test0000.tar.gz --server localhost --manifest importer01.ini --username admin --password VMware1! --debug_level 2\r\nConnecting to server localhost:9543\r\nConnection successfully established.\r\nExtracting log entries from \"test0000.tar\/test\/test0000.csv\"\r\nTotal number of processed files: 1\r\nTotal number of extracted log messages: 2090\r\nTotal number of sent log messages: 2090\r\nTotal run time: 00:00:00.805047\r\n<\/pre>\n<h3>5. Die Logs<\/h3>\n<p>Da ich es nicht extra\u00a0 angegeben habe, werden die Logs des Log-Importers\u00a0 in \/root\/.loginsight-importer\/ geschrieben. Diese sind sehr hilfreich, insbesondere bei der Arbeit mit spezifischen Parsern.<\/p>\n<h3>6. Der Parser<\/h3>\n<p>Nun k\u00f6nnte man beim Importieren schon die Felder mit Namen versehen (dies erleichter nachher die Sortierung und die Analyse). In meinem Fall handelt es sich um eine CSV Datei mit 35 Feldern. Der Trick beim CSV-Parser ist, dass man alle Felder auff\u00fchren muss, also fleissig Kommas z\u00e4hlen.<\/p>\n<p>Hier ist ein Beispiel einer Manifest-Datein importer.ini\u00a0 mit dem definierten CSV-Parser:<\/p>\n<pre class=\"lang:sh decode:true \">[parser|tbcsv]\r\nbase_parser=csv\r\ndebug=yes\r\ndelimiter=,\r\nfields=type,errcode,errtime,,a5,a6,errtype,csvmessage,csvmessage2,,,,,,,,,,,,,,,,a25,appname,pool,handler,,,,,,,\r\n\r\n[filelog|tb-csv]\r\ntags={\"owner\":\"tb\",\"filetype\":\"csv\",\"testnr\":\"22\"}\r\ndirectory=**\/*\r\ninclude=test0000.csv\r\nparser=tbcsv\r\n<\/pre>\n<p>Dokumentation zu den verschiedenen\u00a0 Parsern findet man <a href=\"http:\/\/pubs.vmware.com\/log-insight-33\/index.jsp?topic=%2Fcom.vmware.log-insight.agent.admin.doc%2FGUID-44EEA955-CDC1-4344-9A4C-6EC2248033F2.html\">hier<\/a><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Log Insight Importer ist ein neues Feature von Log Insight 3.3. Zur Zeit handelt es sich dabei um ein separates kleines Tool f\u00fcr Windows und Linux (rpm\/deb). Es kann auf der Log Insight appliance oder jeder anderen VM installiert werden und wird benutzt um nahezu beliebige Logdateien in Log Insight zu importieren. Ein Beispiel: der\u2026 <span class=\"read-more\"><a href=\"https:\/\/vrealize.it\/de\/2016\/03\/14\/log-insight-importer\/\">Weiterlesen &raquo;<\/a><\/span><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":""},"categories":[42,11],"tags":[16,188,43,187],"class_list":["post-2427","post","type-post","status-publish","format-standard","hentry","category-loginsight","category-unkategorisiert","tag-analyse","tag-importer","tag-logs","tag-parser"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Log Insight Importer &#187; vrealize.it - TechBlog VMware SDDC<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/vrealize.it\/de\/2016\/03\/14\/log-insight-importer\/\" \/>\n<meta property=\"og:locale\" content=\"de_DE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Log Insight Importer &#187; vrealize.it - TechBlog VMware SDDC\" \/>\n<meta property=\"og:description\" content=\"Log Insight Importer ist ein neues Feature von Log Insight 3.3. Zur Zeit handelt es sich dabei um ein separates kleines Tool f\u00fcr Windows und Linux (rpm\/deb). Es kann auf der Log Insight appliance oder jeder anderen VM installiert werden und wird benutzt um nahezu beliebige Logdateien in Log Insight zu importieren. Ein Beispiel: der\u2026 Weiterlesen &raquo;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/vrealize.it\/de\/2016\/03\/14\/log-insight-importer\/\" \/>\n<meta property=\"og:site_name\" content=\"vrealize.it - TechBlog VMware SDDC\" \/>\n<meta property=\"article:published_time\" content=\"2016-03-14T13:53:40+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2016-03-15T08:31:44+00:00\" \/>\n<meta name=\"author\" content=\"Tomas Baublys\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Verfasst von\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tomas Baublys\" \/>\n\t<meta name=\"twitter:label2\" content=\"Gesch\u00e4tzte Lesezeit\" \/>\n\t<meta name=\"twitter:data2\" content=\"4\u00a0Minuten\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/vrealize.it\\\/de\\\/2016\\\/03\\\/14\\\/log-insight-importer\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/vrealize.it\\\/de\\\/2016\\\/03\\\/14\\\/log-insight-importer\\\/\"},\"author\":{\"name\":\"Tomas Baublys\",\"@id\":\"https:\\\/\\\/vrealize.it\\\/de\\\/#\\\/schema\\\/person\\\/f8910a5a0c7f1d547783171cd2b40bdb\"},\"headline\":\"Log Insight Importer\",\"datePublished\":\"2016-03-14T13:53:40+00:00\",\"dateModified\":\"2016-03-15T08:31:44+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/vrealize.it\\\/de\\\/2016\\\/03\\\/14\\\/log-insight-importer\\\/\"},\"wordCount\":371,\"commentCount\":2,\"keywords\":[\"Analyse\",\"importer\",\"Logs\",\"parser\"],\"articleSection\":[\"Aria Operations for Logs\",\"Unkategorisiert\"],\"inLanguage\":\"de\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/vrealize.it\\\/de\\\/2016\\\/03\\\/14\\\/log-insight-importer\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/vrealize.it\\\/de\\\/2016\\\/03\\\/14\\\/log-insight-importer\\\/\",\"url\":\"https:\\\/\\\/vrealize.it\\\/de\\\/2016\\\/03\\\/14\\\/log-insight-importer\\\/\",\"name\":\"Log Insight Importer &#187; vrealize.it - TechBlog VMware SDDC\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/vrealize.it\\\/de\\\/#website\"},\"datePublished\":\"2016-03-14T13:53:40+00:00\",\"dateModified\":\"2016-03-15T08:31:44+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/vrealize.it\\\/de\\\/#\\\/schema\\\/person\\\/f8910a5a0c7f1d547783171cd2b40bdb\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/vrealize.it\\\/de\\\/2016\\\/03\\\/14\\\/log-insight-importer\\\/#breadcrumb\"},\"inLanguage\":\"de\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/vrealize.it\\\/de\\\/2016\\\/03\\\/14\\\/log-insight-importer\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/vrealize.it\\\/de\\\/2016\\\/03\\\/14\\\/log-insight-importer\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\\\/\\\/vrealize.it\\\/de\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Log Insight Importer\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/vrealize.it\\\/de\\\/#website\",\"url\":\"https:\\\/\\\/vrealize.it\\\/de\\\/\",\"name\":\"vrealize.it - TechBlog VMware SDDC\",\"description\":\"Information zu sicherem Hybrid und Multi-Cloud Computing - dispruptive Technologien im IT- Umfeld\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/vrealize.it\\\/de\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"de\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/vrealize.it\\\/de\\\/#\\\/schema\\\/person\\\/f8910a5a0c7f1d547783171cd2b40bdb\",\"name\":\"Tomas Baublys\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/c2126b2d052bf7dbb1a19e7d27f15879e8f3bcb3d54ffaf21e00ac8f84c554c0?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/c2126b2d052bf7dbb1a19e7d27f15879e8f3bcb3d54ffaf21e00ac8f84c554c0?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/c2126b2d052bf7dbb1a19e7d27f15879e8f3bcb3d54ffaf21e00ac8f84c554c0?s=96&d=mm&r=g\",\"caption\":\"Tomas Baublys\"},\"url\":\"https:\\\/\\\/vrealize.it\\\/de\\\/author\\\/tbaublys\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Log Insight Importer &#187; vrealize.it - TechBlog VMware SDDC","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/vrealize.it\/de\/2016\/03\/14\/log-insight-importer\/","og_locale":"de_DE","og_type":"article","og_title":"Log Insight Importer &#187; vrealize.it - TechBlog VMware SDDC","og_description":"Log Insight Importer ist ein neues Feature von Log Insight 3.3. Zur Zeit handelt es sich dabei um ein separates kleines Tool f\u00fcr Windows und Linux (rpm\/deb). Es kann auf der Log Insight appliance oder jeder anderen VM installiert werden und wird benutzt um nahezu beliebige Logdateien in Log Insight zu importieren. Ein Beispiel: der\u2026 Weiterlesen &raquo;","og_url":"https:\/\/vrealize.it\/de\/2016\/03\/14\/log-insight-importer\/","og_site_name":"vrealize.it - TechBlog VMware SDDC","article_published_time":"2016-03-14T13:53:40+00:00","article_modified_time":"2016-03-15T08:31:44+00:00","author":"Tomas Baublys","twitter_card":"summary_large_image","twitter_misc":{"Verfasst von":"Tomas Baublys","Gesch\u00e4tzte Lesezeit":"4\u00a0Minuten"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/vrealize.it\/de\/2016\/03\/14\/log-insight-importer\/#article","isPartOf":{"@id":"https:\/\/vrealize.it\/de\/2016\/03\/14\/log-insight-importer\/"},"author":{"name":"Tomas Baublys","@id":"https:\/\/vrealize.it\/de\/#\/schema\/person\/f8910a5a0c7f1d547783171cd2b40bdb"},"headline":"Log Insight Importer","datePublished":"2016-03-14T13:53:40+00:00","dateModified":"2016-03-15T08:31:44+00:00","mainEntityOfPage":{"@id":"https:\/\/vrealize.it\/de\/2016\/03\/14\/log-insight-importer\/"},"wordCount":371,"commentCount":2,"keywords":["Analyse","importer","Logs","parser"],"articleSection":["Aria Operations for Logs","Unkategorisiert"],"inLanguage":"de","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/vrealize.it\/de\/2016\/03\/14\/log-insight-importer\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/vrealize.it\/de\/2016\/03\/14\/log-insight-importer\/","url":"https:\/\/vrealize.it\/de\/2016\/03\/14\/log-insight-importer\/","name":"Log Insight Importer &#187; vrealize.it - TechBlog VMware SDDC","isPartOf":{"@id":"https:\/\/vrealize.it\/de\/#website"},"datePublished":"2016-03-14T13:53:40+00:00","dateModified":"2016-03-15T08:31:44+00:00","author":{"@id":"https:\/\/vrealize.it\/de\/#\/schema\/person\/f8910a5a0c7f1d547783171cd2b40bdb"},"breadcrumb":{"@id":"https:\/\/vrealize.it\/de\/2016\/03\/14\/log-insight-importer\/#breadcrumb"},"inLanguage":"de","potentialAction":[{"@type":"ReadAction","target":["https:\/\/vrealize.it\/de\/2016\/03\/14\/log-insight-importer\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/vrealize.it\/de\/2016\/03\/14\/log-insight-importer\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/vrealize.it\/de\/"},{"@type":"ListItem","position":2,"name":"Log Insight Importer"}]},{"@type":"WebSite","@id":"https:\/\/vrealize.it\/de\/#website","url":"https:\/\/vrealize.it\/de\/","name":"vrealize.it - TechBlog VMware SDDC","description":"Information zu sicherem Hybrid und Multi-Cloud Computing - dispruptive Technologien im IT- Umfeld","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/vrealize.it\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"de"},{"@type":"Person","@id":"https:\/\/vrealize.it\/de\/#\/schema\/person\/f8910a5a0c7f1d547783171cd2b40bdb","name":"Tomas Baublys","image":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/secure.gravatar.com\/avatar\/c2126b2d052bf7dbb1a19e7d27f15879e8f3bcb3d54ffaf21e00ac8f84c554c0?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/c2126b2d052bf7dbb1a19e7d27f15879e8f3bcb3d54ffaf21e00ac8f84c554c0?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c2126b2d052bf7dbb1a19e7d27f15879e8f3bcb3d54ffaf21e00ac8f84c554c0?s=96&d=mm&r=g","caption":"Tomas Baublys"},"url":"https:\/\/vrealize.it\/de\/author\/tbaublys\/"}]}},"_links":{"self":[{"href":"https:\/\/vrealize.it\/de\/wp-json\/wp\/v2\/posts\/2427","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vrealize.it\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vrealize.it\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vrealize.it\/de\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/vrealize.it\/de\/wp-json\/wp\/v2\/comments?post=2427"}],"version-history":[{"count":6,"href":"https:\/\/vrealize.it\/de\/wp-json\/wp\/v2\/posts\/2427\/revisions"}],"predecessor-version":[{"id":2430,"href":"https:\/\/vrealize.it\/de\/wp-json\/wp\/v2\/posts\/2427\/revisions\/2430"}],"wp:attachment":[{"href":"https:\/\/vrealize.it\/de\/wp-json\/wp\/v2\/media?parent=2427"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vrealize.it\/de\/wp-json\/wp\/v2\/categories?post=2427"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vrealize.it\/de\/wp-json\/wp\/v2\/tags?post=2427"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}